What is the severity of CVE-2004-2318?

CVE-2004-2318 is classified as a temporary denial of service vulnerability.

How is CVE-2004-2318 exploited?

CVE-2004-2318 can be exploited by sending specially crafted requests with two percent signs in the CMD parameter to the SurgeFTP administrative interface.

Which versions of SurgeFTP are affected by CVE-2004-2318?

CVE-2004-2318 affects SurgeFTP Server versions 1.0b through 2.2k1.

How can I mitigate the impact of CVE-2004-2318?

To mitigate the impact of CVE-2004-2318, it is recommended to upgrade to a version of SurgeFTP Server that is not vulnerable.

Is there a patch available for CVE-2004-2318?

There is no specific patch mentioned for CVE-2004-2318, but upgrading to a fixed version of SurgeFTP is advised.

Vulnerability/
CVE-2004-2318

medium

CWE

NVD-CWE-Other

31/12/2004

16/8/2005

8/8/2024

CVE-2004-2318

First published: Fri Dec 31 2004(Updated: )

The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
NetWin SurgeFTP	=1.0b
NetWin SurgeFTP	=2.2k1
NetWin SurgeFTP	=2.0c
NetWin SurgeFTP	=2.0a
NetWin SurgeFTP	=2.0b
NetWin SurgeFTP	=2.0a
NetWin SurgeFTP	=2.0d
NetWin SurgeFTP	=2.0e
NetWin SurgeFTP	=2.0f
NetWin SurgeFTP	=2.0b
NetWin SurgeFTP	=1.0b
NetWin SurgeFTP	=1.0b
NetWin SurgeFTP	=1.0b
NetWin SurgeFTP	=2.0a
NetWin SurgeFTP	=2.0a
NetWin SurgeFTP	=2.0b
NetWin SurgeFTP	=2.0b
NetWin SurgeFTP	=2.0c
NetWin SurgeFTP	=2.0d
NetWin SurgeFTP	=2.0e
NetWin SurgeFTP	=2.0f
NetWin SurgeFTP	=2.2k1

Remedy

http://www.secunia.com/advisories/10758/

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2004-2318?
CVE-2004-2318 is classified as a temporary denial of service vulnerability.
How is CVE-2004-2318 exploited?
CVE-2004-2318 can be exploited by sending specially crafted requests with two percent signs in the CMD parameter to the SurgeFTP administrative interface.
Which versions of SurgeFTP are affected by CVE-2004-2318?
CVE-2004-2318 affects SurgeFTP Server versions 1.0b through 2.2k1.
How can I mitigate the impact of CVE-2004-2318?
To mitigate the impact of CVE-2004-2318, it is recommended to upgrade to a version of SurgeFTP Server that is not vulnerable.
Is there a patch available for CVE-2004-2318?
There is no specific patch mentioned for CVE-2004-2318, but upgrading to a fixed version of SurgeFTP is advised.

collector/nvd-historical
vendor/netwin
product/surgeftp
canonical/netwin surgeftp
collector/nvd-index
agent/references
agent/type
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/remedy
agent/weakness
agent/last-modified-date
agent/description
agent/tags
agent/event
agent/source
version/netwin surgeftp/1.0b
version/netwin surgeftp/2.2k1
version/netwin surgeftp/2.0c
version/netwin surgeftp/2.0a
version/netwin surgeftp/2.0b
version/netwin surgeftp/2.0d
version/netwin surgeftp/2.0e
version/netwin surgeftp/2.0f

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.